To recover an account for API flows, you can use the following endpoints: 1. Create Recovery Flow for Native Apps: This endpoint is used to initiate a recovery flow for API clients such as mobile devices, smart TVs, etc. The endpoint is

GET /self-service/recovery/api

. Note that this endpoint should not be used in client-side applications like Single Page Apps (SPAs), ReactJS, AngularJS, nor server-side browser applications like Java Server Pages, NodeJS, PHP, Golang, etc. Using this endpoint in these applications can make you vulnerable to a variety of CSRF attacks. This endpoint should only be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, etc.) [source](https://www.ory.sh/docs/reference/api#tag/frontend/operation/createNativeRecoveryFlow). 2. Get Recovery Flow: This endpoint returns a recovery flow's context with, for example, error details and other information. The endpoint is

GET /self-service/recovery/flows

. For AJAX requests, you must ensure that cookies are included in the request or requests will fail. [source](https://www.ory.sh/docs/reference/api#tag/frontend/operation/getRecoveryFlow). 3. Update Recovery Flow: Use this endpoint to update a recovery flow. The endpoint is

POST /self-service/recovery

. This endpoint behaves differently for API and browser flows and has several states. [source](https://www.ory.sh/docs/reference/api#tag/frontend/operation/updateRecoveryFlow). Remember to use the correct API endpoints for your application type. For native applications, you must use

/self-service/recovery/api

. Here is an example of how to create a recovery flow using cURL for native applications:

bash curl -H 'Content-Type: application/json' \    -H 'Accept: application/json' \    -c cookies.txt \    "https://{project.slug}.<http://projects.oryapis.com/self-service/recovery/api|projects.oryapis.com/self-service/recovery/api>"

Please note that Ory supports two recovery methods: Recovery by one-time codes (

code

) and Recovery by magic links (

link

). The

code

method is the default, preferred, and recommended method by Ory. The

link

method is considered a legacy solution and is set to be removed in future releases [source](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset#supported-recovery-methods).